HAL Id: hal-01686265https://hal.archives-ouvertes.fr/hal-01686265

Submitted on 17 Jan 2018

HAL is a multi-disciplinary open accessarchive for the deposit and dissemination of sci-entific research documents, whether they are pub-lished or not. The documents may come fromteaching and research institutions in France orabroad, or from public or private research centers.

L’archive ouverte pluridisciplinaire HAL, estdestinée au dépôt et à la diffusion de documentsscientifiques de niveau recherche, publiés ou non,émanant des établissements d’enseignement et derecherche français ou étrangers, des laboratoirespublics ou privés.

A Causal Semantics for UML2.0 Sequence Diagramswith Nested Combined Fragments

Fatma Dhaou, Inès Mouakher, Christian Attiogbé, Khaled Bsaïes

To cite this version:Fatma Dhaou, Inès Mouakher, Christian Attiogbé, Khaled Bsaïes. A Causal Semantics for UML2.0Sequence Diagrams with Nested Combined Fragments. 12th International Conference on Evaluationof Novel Approaches to Software Engineering, Apr 2017, Porto, France. �10.5220/0006314100470056�.�hal-01686265�

A Causal Semantics for UML2.0 Sequence Diagrams with NestedCombined Fragments

Fatma Dhaou1, Ines Mouakher 1, Christian Attiogbe2 and Khaled Bsaies 1

1Lipah, Faculty of Sciences Tunis, Tunisia2Lina University of Nantes, France

Keywords: UML2.0 Sequence Diagrams, Semantics, Nested Combined Fragments.

Abstract: Combined Fragments (CF) are the new features added to UML2.0 sequence diagrams (SD). They have widelyincreased its expressiveness power, permitting to model complex behaviours, they can be nested to allow moresophisticated behaviours. We focus on the most popular CF of control-flow ALT, OPT, LOOP, SEQ allowingto model respectively alternative, optional, iterative and sequential behaviours. They require a meticulousprocessing for the generation of partial order between their events. We proposed in a previous work, a causalsemantics based on partial order theory, which is suitable for deriving of all possible valid traces for sequencediagrams with CF modelling behaviours of distributed systems. In this work, to deal with nested CF, we firstupdate the formalization of sequence diagram, then we extend this semantics.

1 INTRODUCTION

Context. The speed of design, the intuition andthe ease of graphical representation make UML2.0sequence diagrams (SD) a privileged language oftenused by the engineers in the software industries. Al-though the Object Management Group (OMG) (Ob-ject Management Group, 2009) has defined an offi-cial standard semantics for UML2.0 SD, some short-comings still persist. For instance, we report the in-adequacy of the standard semantics for the compu-tation of possible valid traces for an SD that modelsbehaviours of a distributed system.

Motivation. The defined rules by the OMG forderiving partial order of a given basic SD impose toorder the events along each lifeline, even if they arereceived from independent lifelines, which do not al-low the computation of all possible valid behaviours.This lead to the emergence of unspecified behavioursin the implementation.With UML2.0, the combined fragments allowthe modelling of several kind of behaviours.We focus especially on a subcategory ofCF: ALT, OPT, LOOP, SEQ; they permit a com-pact syntactic representation of behaviours. Incontrast, they cause challenges for the determinationof precedence relations between the events. Tocompute traces for SD equipped with these CF, theOMG standard recommends to flatten the underlyingSD to obtain basic SDs that are semantically equiva-lent. However, the benefits of the compact syntactic

representation are lost.Moreover, the ALT and the LOOP CF have a dif-ferent meaning than in the structured programminglanguages; although, to ease the processing of theseCF, the existing approaches (Gabor Huszerl, 2008),(Hammal, 2006), (Shen, 2013), restrict their use byinterpreting them in the same way. However, in thestandard they have much more flexible interpreta-tions allowing to model more complex behaviours;for instance the ALT CF is not equivalent to theIF − T hen− Else structure, and in the LOOP CF,weak sequencing between the iterations is applied,rather than strict sequencing, permitting the inter-leaving of the occurrence of the events of differentiterations.

In the practical cases, CF can be nested to model moresophisticated behaviours. All the cited problems areincreasing. In the standard semantics, the notion ofnested CF is briefly mentioned. In literature, fewworks (Shen, 2013), (Hammal, 2006), (Gabor Husz-erl, 2008) deal with nested CF. In (Gabor Huszerl,2008) the authors study the issues resulting of thenesting of some kinds of CF (different of thoseconsidered in this paper), and by limiting the nestinglevels of CF (Gabor Huszerl, 2008), (Hammal, 2006),or by proposing a complicated formalization veryclose to the target formalism (Shen, 2013).

Although the existing semantics that are proposedfor UML2.0 SD are various (øystein Haugen andSTAIRS, 2005), (Harel and Maoz, 2008), (Grosu and

Smolka, 2005), (Cengarle et al., 2005), but they areusually based on the rules of the standard semanticsfor the computation of traces of the SD, thus theyare not suitable for SD modelling behaviours of dis-tributed systems. This justifies the need of a seman-tics for UML2.0 SD with nested CF that models be-haviours of distributed systems.

Contribution. This paper extends our previouswork (Dhaou et al., 2015), in which we have extendedan existing semantics proposed for UML 1.X (O.Tahirand J.Cardoso, 2005) to deal with SD with the mostpopular combined fragments (ALT, OPT and LOOP),by processing the SD as a whole (without parsing theSD). We have proposed several rules to derive the par-tial order between the events.

We now propose some additional contributionsthat consist, in updating the formalization of sequencediagrams in order to support nested CF, as well as ex-tending the previous results: we generalize the previ-ous rules for the derivation of partial order betweenevents.

Organization. The remainder of the article isstructured as follows. In Section 2, we propose a run-ning example that is used to illustrate our approach.Section 3 is devoted to an overview of the causalsemantics. In Section 4, we provide the new for-malization, based on set theory and tree structure, ofUML2.0 SD that are equipped with nested CF. Thenin Section 5, we explain our approach for the exten-sion of causal semantics. Before concluding in Sec-tion 7, we present some related works in Section 6.

2 RUNNING EXAMPLE

We consider the interactions in a web site thatproposes trainings as an example of UML2.0 SDmodelling the behaviours of a distributed system (asdepicted in Fig.1, Fig.2 ). The web site has in-dependent components: the training o f f icer, thehome page, the custom page, the training page, andthe authentication page.

We model the update of the training catalog bythe training o f f icer (as depicted in Fig.2). Thetraining o f f icer has to authenticate at first (as de-picted in Fig.1). He enters the web site url, he canbe redirected directly to the custom page if he haschosen, in the last connection, the option to remainconnected for a limited duration. Otherwise, he isredirected to the authentication page. We have threepossible cases:• a successful authentication,• missing informations, in this case the site asks the

user to complete them,

• wrong login and / or wrong password, in this casethe site asks the training officer to correct them.

Authentification SD

home page

opt

alt

opt

loop

Custom page

[ option stay_connected=True][

Authentification page

[success]

[Failure1:missing_data ]

[Failure2:wrong _pwd or wrong_login ]

[1,100 ]

enter_url

redirect1

authentification_ request

redirect2

authentification_accepted

DNS_attack

please_complete

please_rectify

OP00OP11

OP21

OP31

OP41

OP23

OP22

Training officer

Figure 1: Authentification

SD2

Training officer Custom page training page

loop

alt

[1,3]

[choice1]

[choice2]

[choice3]

update _request

redirect3

add_ training

create _calender_ session

choose_ training

update_ session

delete_ session

view _list _of _participants

Figure 2: Update training catalog

In the second case, domain name system (DNS)attacks may accidentally occur.The Fig. 2 depicts the update of the training catalog.The training officer requests to update the trainingcatalog, he is redirected to the training page wherehe has three possible alternatives: i) he can add newtraining and create calender session; ii) he can choosetraining and update session, iii) he can remove train-ing, the list of participant to this training is displayed.

3 CAUSAL SEMANTICS

The causal semantics was proposed (O.Tahir andJ.Cardoso, 2005) for basic SD modelling behavioursof distributed systems. Its rules take into account

the independence of the components, (modelled bylifelines), involved in the interactions. Indeed, incontrast with the standard semantics that totally or-der the events on each lifeline even for the receivingevents from independent lifelines, the causal seman-tics imposes slighter scheduling constraints on the be-haviour of lifelines results in more expressive SDs,since each SD describes a larger number of acceptablebehaviours. This larger expressive power facilitatesthe task of the designer since a great number of caseshave to be considered, and permits to prevent the is-sue of the emergence of unspecified behaviours in theimplementation. The causal semantics is founded ona partial order theory. However, the causal semanticsis mainly proposed for basics UML1.X SD modellingbehaviours of distributed systems, and the applica-tion of its rules causes some inconsistencies (aberrantrelations, deadlock and inadvertent triggers of someevents (Dhaou et al., 2015)). Based on these verdicts,in our previous paper (Dhaou et al., 2015), we pro-posed an extension of the causal semantics that con-sists in defining and formalizing new rules for bothrelationships <RE and <EE for an SD with sequen-tial ALT, OPT and LOOP CF by avoiding their flat-tening. The new defined relationships permit to ob-tain the partial order between events, that allows tocompute all the possible valid traces of an SD mod-elling behaviours of a distributed system on a com-pact way. The previous approach consists in process-ing each concerning the various localizations of twoevents to be ordered.

Intuitively, the causal semantics (Sibertin-Blancand J., 2005) is based on the idea of ordering eventsif there is a logical reason to do so. Two successiveevents that are sent by the same lifeline are necessar-ily ordered. Two successive events on the same life-line that are received by two independent lifelines arenot necessarily ordered; even if the messages are sentby the same lifeline, the receiving events are not or-dered (if the architecture do not allow their ordering).In the following, we present briefly the rules of causalsemantics as defined in (O.Tahir and J.Cardoso, 2005)in informal way.Synchronization Relationship <SY NC. Each mes-sage m is received only if it was sent previously.Reception-Emission Relationship <RE . Receiving amessage causes the sending of the message that is di-rectly consecutive to it.Emission-Emission Relationship <EE . If two mes-sages are sent by the same lifeline their sending eventsare ordered.Causal order Relation <caus. This relation is definedas follows: <caus= (<SY NC

⋃<RE

⋃<EE)

The transitive closure of the relation <caus that we

note <+caus permits to obtain all the causal dependen-

cies between the events of the SD. The event occur-rence depends on the partial order relationship <caus.Illustration: in the Fig. 1, we consider the messagesenter url,redirect1,authentication request, accord-ing to the rules of the standard semantics: on thetraining o f f icer lifeline the events !enter url1 and!authentication request are ordered, on home pagelifeline the events ?enter url2, !redirect1 and?authentication request are ordered. With the rulesof the causal semantics the reception of the messagesenter url and authentication request are not orderedthus we obtain much more traces than with the rulesof the standard.

By applying the same approach for an SD withnested CF, we face a problem of combinatorial explo-sion in the number of possible cases for the localiza-tion of two successive events to order. In the next sec-tion, we propose a new formalization of the sequencediagrams that is required for the extension of causalsemantics to support nested combined fragments.

4 TOWARD A NEWFORMALIZATION

We consider a sub-set of SD containing combinedfragment of control-flow ALT, OPT, LOOP and SEQCF. The considered CF are sequential, and can benested to model more sophisticated behaviours. Weassume that the operands of the CF do not overlap,but can be nested. For the formalization of sequencediagrams equipped with nested CF, we choose, onthe one hand, the set theory notations3 that is aprivileged way due to its several advantages. Forinstance, although it is founded on first order logic,it permits to manipulate objects of high order suchas sets and relations of any depth (that is, sets andrelations built themselves on sets and relations,and so on) (Abrial, 1996). On the other hand, weuse the tree structure that is hierarchic by natureand it is convenient to capture the nested structureof SD, and allow to represent them in an intuitive way.

4.1 BACKGROUND

A tree is a data structure consisting of nodes orga-nized as a hierarchy. We summarize in the following

1!m denotes the sent of m message2?m denotes the reception of m message3N.B we use the same set theory notation as those of

Event-B method

the vocabulary that relates to tree structure. A tree iseither empty or a root node connected to 0 or moretrees (called subtrees). i) Root: it is a node at the topof the tree. There is only one root per tree and onepath from root node to any node, ii) parent: any node(except the root node) that has one edge downwardto a node is called a parent, iii) child: node belowa given node connected by its edge upward is calleda child node, iv) each node is either a leaf or an in-ternal node: an internal node has one or more chil-dren and a leaf node (external node) has no children,v) nodes with the same parent are siblings, vi) the de-scendants of a node n are all nodes reached from noden to the leaf nodes, vii) a path is a sequence of nodesn0,n1, ...,nn, where there is an edge from one node toan unique node. The path can be only downward, andit connect a node with a descendant, viii) the lengthof a path is the number of edges in the path, ix) theancestors of a node n are all nodes found on the pathfrom the root to node n, x) the depth of a node n is thelength of the path from root to n.

4.2 Sequence Diagram Definitions

Definition 1. (Sequence Diagram)A sequence diagram SD is a tupleSD : 〈L,M,EV T,FCT s,FCT r,FCT l,OP,F,<caus, tree OP〉where:

• L is a not empty set of lifelines, and card(L)≥ 2,• M is a not empty set of asynchronous messages

which is well formed. The set M is well formed ifevery message is identified by a pair of events: asent event and a received event,

• EV T = E s∪E r is a set of events such thatcard(EV T )≥ 24, E s = {!m | m ∈M} andE r = {?m |m ∈M} denote respectively the set ofsent events and the set of received events such thatE s∩E r = /0,

• for a set of message M we define two bijectivefunctions: i) FCT s : M�→E s5: for each messagewe associate one sent event; ii) FCT r : M�→E r:for each message we associate one received event,

• FCT l : EV T � L6 a total surjective function thatassociates to each event one lifeline, the transmit-ter or the receiver,

• F = {F1,F2, ...,Fn} is the set of n combined frag-ments, where Fi = 〈OPi,operatori,Li〉 is a CF thatis identified by its operands, an operator, and theset of lifelines that are covered by it,

4Cardinal of a set E5�→ denotes a bijective function6→→ denotes a total surjection

• <caus⊆EV T↔EV T denotes the partial order re-lationship,

• OP: a set of operands,• tree OP is a partial function that allows to struc-

ture the SD in the form of a tree of operands.

To obtain the local order within each lifeline noted<SD,l , we project the causal order relation <+

caus7 on

the lifeline l.

4.3 Operands and Tree Structure

Nesting combined fragments are not expressed in themeta-model, we propose its extension as illustrated inFig.3. We redefine the class Interaction Operand asan abstract class that can be instantiated by: a leafoperand and nested operands, where this latter can berelated to child operands.

We propose a formalization of UML2.0 SD that is

Interaction Operand

Leaf Operand Nested Operandsparent

child0..*

1

Figure 3: Interaction Operand Metamodel

compliant with the standard UML2.0 meta-model upto a renaming of some constituents. We opted for theuse of a tree structure that is hierarchic by nature, andthat is convenient to capture the nested structure of SDallowing to represent them in an intuitive way. An SDis abstracted as a tree of operands. Intuitively com-bined fragment will be viewed as an operator togetherwith its operands; this will be detailed in the sequel.Our approach supports multiple nesting levels of frag-ments. Neither the number of fragments enclosed byanother fragment nor the depth of operand nesting arelimited.

4.3.1 Operands

The SD is considered as a set of operands. We asso-ciate a label to each operand. Two operands with thesame index i belong to the same combined fragment;for instance, in Fig. 1, OP21, OP22 and OP23 belong tothe same CF ALT.

We consider the whole SD as a rootoperand that we note OP00; we define the setOP = (

⋃i={1..n}

OPi)∪{OP00}; where n is the number

of operands of the considered SD. Each operand inan SD has a weight. For instance, each operand of a

7R+: the transitive closure of R

SEQ, an ALT and an OPT CF have a weight equal to1, and an operand of a LOOP CF has a weight equalto a value max, where max is the maximum numberof iteration of the considered LOOP CF. We assumethat each operand of a CF has only one first event.The general definition of an operand in a combinedfragment is given as follows:

Definition 2. (Operand in Combined Fragment)We define a set of operands OPi in a CF Fi as follows:

OPi = {OPi, j={1..k} |OPi j =⟨guardi j,weighti j,EV T Di j

⟩}

where: i) k is the number of operands in CF Fi,ii) weighti j is the weight of the operand OPi j, iii)EV T Di j are the events that are directly contained inan operand OPi j.

We use the following functions to manipulate theoperands:

• EV T D permits to get the events that are directlycontained in each operand:

EV T D : OP→ P(EV T )8

• EV T G permits to get all the events that are con-tained in an operand including those which arecontained in its nested operands:

EV T G : OP→ P(EV T )

• weight permits to return the weight of eachoperand:

weight : OP→ NAT+

The instantiation of the definition 2 for SEQ, ALT,OPT and LOOP CF is given as follows:

Definition 3. (Operand in the SEQ CombinedFragment)A sequential combined fragment contains only

one operand linked to the SEQ operator.

OPSEQi = {OPi1}

where OPi1 = 〈True,1,EV T Di1〉Definition 4. (Operand in the ALT CombinedFragment)An alternative combined fragment Fi is composedof a set of k operands:

OPALTi = {OPi1, ...,OPik}

where OPi j =⟨(gi j ∧Ai j),1,EV T Di j

⟩and gi j is the guard of the operand OPi j, theweight is equal to 1, and Ai j is a predicate thatensures that we have exclusively one operand thatmust occur in combined fragment Fi.

8P(EVT): set of subsets E,→ denotes a total function

OP00

OP11 OP21 OP22

OP31

OP41

OP23

Figure 4: Tree associated to the SD of Fig.1

Definition 5. (Operand in the OPT CombinedFragment)An optional combined fragment Fi is composed ofone operand:

OPOPTi = {OPi1}

where OPi1 =⟨gi j,1,EV T Di j

⟩and gi1 is the guard of the operand OPi j.Definition 6. (Operand in the LOOP CombinedFragment)An iterative CF has one operand. Its events will

execute for at least the minimum mini of iterationsand no more than the maximum maxi of iterationsas long as the guard is evaluated to True.

OPLOOPi = {OPi1}

where OPi1 = 〈((gi1∧Bi)∨Ci),maxi,EV T Di1〉and gi1 is the guard of the LOOP operand; Bi isa predicate which indicates that the current itera-tion is between mini and maxi values of iteration.Ci is a predicate that is satisfied if the current it-eration is less than mini.

4.3.2 Tree Structure

An SD is a tree that is composed by a set of linkedoperands, such that each operand has at maximumone direct ancestor. For instance, the Fig. 4 illus-trates the associated tree for the SD of the Fig. 1.The root operand OP00 has no ancestor. Eachnode represents an operand, and has as childrenthe nested operands that are inside it.We define tree structure for SD operands as fol-lows:Definition 7. (Tree Structure for SD Operands)The tree structure tree OP related to an SD is de-fined as a partial function:

tree OP : OP 7→ OP

which is acyclic and non-reflexive. The root is theonly operand that does not have a parent:

(∀X)[X ∈OP∧X /∈ dom(tree OP)∧X ∈ ran(tree OP)

⇒ X = OP00]

We introduce new relations ancestor and brothersuch that the first one permits to associate to eachoperand all the operands where it is nested (itsnode ancestors in the tree OP); the second onepermits to link each operand to the other operandsof the same combined fragment (its brothers).– ancestor: a binary transitive relation that is de-

fined on OP.

ancestor : OP↔ OP9

For an operand X we compute its ancestors asfollows:

ancestor[{X}]10 =⋃

s∈{1,..,d}{tree OPs(X)}

Where d is the depth of the node X in thetree OP.Illustration: ancestor[{OP00}] = /0, andancestor[{OP31}] = {OP21,OP00}.

– brother: a binary transitive relation that is de-fined on a set OP.

brother : OP↔ OPTwo operands are brothers if they belong to thesame CF (it’s the case of operands of an ALTCF).

brother = {(OPi j,OPtk)|(OPi j,OPtk) ∈ OP2

∧(i = t ∧ j 6= k))}Illustration: the operands OP22,OP21,OP23 belongto the same CF ALT, thus they are brothers.brother[{OP11}] = /0 andbrother[{OP22}] = {OP21,OP23}

4.3.3 Weight of an event

We overload the function weight to associate theweight of the path between two operands.

weight : (OP×OP)→ NAT+

We overload the function weight that permits toassociate to each event its maximal number of oc-currence.

weight : EV T → NAT+

For an event evt such that evt ∈ EV T D(X), wecompute its weight as follows.

weight(evt) = ∏s∈{0,d}

weight(tree OPs(X))

= weight(OP00,X). With d = depth o f X

These formalizations of the structures SD and CFare used as a basis for the extension of the causalrelationships that permits to compute the partialorder between the events of the SD.

9↔ denotes a relation10R[{e}]: Relational image; gives the set of images

5 EXTENSION OF THECAUSAL SEMANTICS

The choice we make for structuring the sequencediagram in the form of tree gives us the advan-tage of redefining the <RE and <EE relationships,to support nested CF, by optimizing the numberof possible cases of event localizations to order.The synchronisation the <SY NC relationship is un-changeable. The formalizations of <RE and <EErelationships permit to order two events that be-long to the same lifeline and that are successive.To detail a bit, and to alleviate the presentationof the formalization of <RE and <EE rela-tionships, we introduce three binary relationsnot in brother, succ1 and succ2. In the follow-ing, we first give the intuition of each of thembefore their formalizations.

Two successive events that belong to distinctoperands of an ALT CF must not be ordered.The relation not in brother expresses this intu-ition: the successive events of an ALT CF to beordered should not belong to the same ancestor atany level (or brother operands).

not in brother={(e,e′)|(e,e′) ∈ EV T 2∧ (∀X)(∀Y )[X ∈ (ancestor[{EV T D−1(e)}]∪{EV T D−1(e)})∧Y ∈ (ancestor[{EV T D−1(e′)}]∪{EV T D−1(e′)})⇒ (X ,Y ) /∈ brother]}

Illustration:in Fig.1, the event!please complete ∈ OP22,the event !please recti f y ∈ OP23 andOP22 ∈ brother[{OP23}], hence the events!please complete and !please recti f y should notbe ordered.The event !DNS attacks ∈ OP41, theevent authentication accepted ∈ OP21,ancestor[{OP23}] = OP22 and OP22 ∈brother[{OP21}], hence the eventsauthentication accepted and !DNS attacksshould not be ordered.

Formally, we distinguish two successive events indifferent ways with two distinct relations succ1and succ2. These relations are used respectivelyin the formalization of <EE and <RE relation-ships. The relation succ1 relates two events thatbelong to the same lifeline and which are suc-cessive. Nevertheless, we admit between them,events that must necessarily belong to an operandthat can be omitted (i.e. the events between suc-cessive events do not belong to any operand an-

cestor of the operands of the considered events).

succ1={(e,e′)|(e,e′) ∈ EV T 2∧(∃l)[l ∈ L ∧ e <∗SD,l e′

∧ (∀e”)[e” ∈ EV T ∧ (e <∗SD,l e” ∧ e” <∗SD,l e′)⇒ EV T D−1(e”) /∈ (ancestor[{EV T D−1(e)}]∪ ancestor[{EV T D−1(e′)}])]]}

The relation succ2 expresses the same conditionsand effects as those defined in succ1 relation-ships, moreover it expresses that we admit re-ceived events between the successive events.

succ2= {(e,e′)|(e,e′) ∈ EV T 2∧(∃l)[l ∈ L ∧ e <∗SD,l e′ ∧ (∀e”)[e” ∈ EV T ∧(e <∗SD,l e” ∧ e” <∗SD,l e′)⇒ e” ∈ ran(FCT r) ∨EV T D−1(e”) /∈ (ancestor[{EV T D−1(e)}]∪ ancestor[{EV T D−1(e′)}])]]}

The relationship <EE permits to order two sentevents that satisfy the conditions expressed innot in brother and succ1 relations.

<EE= {(e,e′)|[(e,e′) ∈ (EV T )2 ∧e ∈ ran(FCT s) ∧ e′ ∈ ran(FCT s) ∧(e,e′) ∈ not in brother ∧ (e,e′) ∈ succ1}]

The relationship <RE permits to order two eventssuch that the first one is a received event andthe second one is a sent event, and both of themsatisfy the conditions expressed in not in brotherand succ2 relations.

<RE= {(e,e′)|[(e,e′) ∈ (EV T )2 ∧e ∈ ran(FCT r) ∧ e′ ∈ ran(FCT s) ∧(e,e′) ∈ not in brother ∧ (e,e′) ∈ succ2}]

5.1 Hidden Precedence Relations inLOOP Combined Fragment

The events inside a LOOP operand can have as pre-ceding events that can be located:

– for the first iteration: i) either outside the LOOPoperand and/or, ii) inside the LOOP operand ofthe same iteration.

– from the second iteration: i) either outsidethe LOOP operand and/or, ii) inside the LOOPoperand of the same iteration and/or of the pre-vious iterations.

We call hidden relations the relations between theevents of LOOP operand of the current iteration andthe events of the previous iterations (Fig.5). Theserelations appear when the LOOP operand is flatten atleast one time. Hence, the necessity of defining a newrelation <hcaus in which we express the constraints of

precedence between the events of the current iterationand the events of the previous iteration. In order tocompute the hidden precedence relations, we proposethe following steps: we flatten the LOOP operand onlyonce whatever is the number of iterations; we obtainan intermediate sequence diagram SD’.In SD’, we rename the operands as well as the eventsof the second iteration with the same name as those ofthe preceding iteration by labelling them with a singlequote (Fig. 6). We define the set EV T ′ to representthe events of the next iteration. <′RE and <′EE are re-spectively the reception-emission, and the emission-emission relationships associated to the SD’. In anSD we can have several LOOP operand that can be se-quenced or nested. In this case, the same processing isapplied by computing for each LOOP operand its hid-den relationships; we note <hcausX , the hidden rela-tions of a given LOOP operand named X . The formal-ization of the hidden relationships for a LOOP operandX is given as follows.

<hcausX= {(e,e′)|e ∈ EV T ∧ e′ ∈ EV T ′∧(e,e′) ∈<′RE ∨(e,e′) ∈<′EE}

Illustration1: consider the SD’ (depicted in Fig. 5),in the first iteration, the preceding event of !m2 is!m1, the preceding events of !m3 are ?m1 and ?m2.In the second iteration, the preceding event of !m2′

is !m4, the preceding events of !m3′ are ?m4 and ?m2′.

Illustration2: as we aforementioned, for an ALT CF,only one operand must be executed, hence it is in-tuitive that the events that belong to distinct operandsmust not be ordered, otherwise we have the deadlocksof some events.However, in some particular cases of nested struc-ture, we can face a problem that the events of dis-tinct operands of the same ALT CF (brother operands)can have precedence relations. The Fig. 7 repre-sents a possible execution of the SD (depicted inFig.6) containing nested CF. In the first iterationof the LOOP CF, the first operand of the ALT CFis executed; in the second iteration of the LOOPCF, the third operand of the ALT CF is executed.The event !view list o f participants, that belongsto the third operand of the ALT CF, has amongits preceding events: i) the event ?delete sessionthat belongs to the same operand, ii) the events?create calender session,?add training which bothbelong to the first operand of the the ALT CF. Which isproblematic, since the events of brother operands arenot ordered. This justifies the renaming of the eventsand the operands of the next iteration to prevent thisproblem.

In an SD we can have several LOOP operand that

SD'SD

m1

[5]loop

m4

m3

m2

m1

m4

m3

m2

m4

m3'

m2'

'

loop

L1 L2L2L1

Figure 5: Processing of an SD with LOOP CF

SD2

Training officer Custom page Training page

loop

alt [choice1]

[choice2]

[choice3]

update_ request

redirect3

add _training

create_ calender_ session

choose_ training

update _session

delete_ session

view_ list_ of_ participants

alt [choice1]

[choice2]

[choice3]

redirect3'

add_ training'

create_ calender _session'

choose _training'

update_ session'

delete _session'

view_ list _of _participans

Figure 6: Processing of an SD with Nested CF

SD3

Training officer Custom page Training page

update_request

redirect3

add_training

create_ calender_ session

delete_session

view_list _of_participants

redirect3'

Figure 7: Possible execution of The SD of the Fig. 6

can be sequenced or nested. In this case, the sameprocessing is applied by computing for each LOOPoperand its hidden relationships; the entire hiddenrelation is the union of the hidden relations of eachLOOP operand. Now, the causal relationships is com-puted as follows.

<caus=<SY NC ∪<RE ∪<EE ∪<hcaus

That means the ordering of events depends on thecumulative rules of the relationships. The valid traces

are those which can be generated satisfying these or-ders.The defined rules (<RE , <EE , <hcaus) may be appliedto the standard semantics by restoring the constraintsthat we relaxed. In the same way, these rules can beadapted for any kind of semantics by strengthening orweakening some constraints.

5.2 Behaviour of sequence diagrams

The behaviour of a given SD is a set of traces. Thetrace is a set of events occurrences. The occurrenceof an event depends on its definition.

5.2.1 The state of an event

The causal semantics (O.Tahir and J.Cardoso, 2005)deals only with basic SD. In the standard semantics,even the UML2.0 SD, that are equipped with CF, aretreated as basic SD, since the standard recommendstheir flattening. An event which belongs to a basic SDcan have two obvious basic states: executed or notyet executed. In our approach, we support sequencediagrams with sequential CF that can be nested. Thebasic states are not sufficient to express the state of anevent in an SD with sophisticated structures (nestedCF). Indeed, each event in such SD can be: not yetoccurred, occurred, consumed one or several times.Then, the variable state is defined as follows.

state : EV T → NAT

The state of an event is decreased whenever it is oc-curred or ignored. To describe the state of an event e,we use the following vocabulary:

• not yet occurred: when state(e) = weight(e),

• occurred: if the event e is executed or ignored oneor several times and 0 < state(e)< weight(e),

• consumed: when state(e) = 0.

During its execution, an SD can be in one state amongthe following states:

• an initial state, when all its events are not yet oc-curred,

• an intermediate state,

• a final state, when all its events are consumed:state = EV T ×{0}.

5.2.2 The definition of an event

The behaviour of an SD is the occurrence of its events.An event occurs under some conditions and producessome effects. Each event which belongs to SD withcombined fragment has triggers conditions including

causality with other events, require formalizing thecomputation of events preceding the current event,and execution effects.The textual description of the definition an event in agiven SD with nested CF is done as follows.

Triggers conditions consist in checking that: i) theprecedents events of the current event are occurred(executed or ignored), ii) the current event is not yetconsumed.Execution effects consist in: i) updating the state ofthe event.

6 RELATED WORKS

Most of existing semantics that are proposed forUML2.0 SD are based on the definitions of the stan-dard semantics for the computation of traces of anSD, thus they are not suitable for SD modelling be-haviours of distributed systems.

This mismatch has motivated the workof (Sibertin-Blanc and J., 2005), (O.Tahir andJ.Cardoso, 2005) who proposed a causal semanticsfor basic SD. In (Sibertin-Blanc and Tahir, 2006),to show the benefits and the adequacy of causalsemantics for SD modelling distributed systems, theauthors present three kinds of semantics: emissionsemantics, linear semantics and message sequencecharts (MSC) semantics.The linear semantics and the emission semantics im-pose a restrictive rules for the ordering of the eventsof the SD, and they are practicable only for a smallerkind of SD modelling some kind of systems. Thelinear semantics (Cardoso and Sibertin-Blanc, 2001)permits to order all the messages of the consideredSD by imposing a total serialization of the emissionand the reception of the messages. The emissionsemantics (Cardoso, Janette and Sibertin-Blanc,Christophe, 2002) imposes the total serialization ofemission of all the messages. The semantics of theMSC (Rudolph et al., 1996), predecessors of the SD,suffers from ambiguity of semantics interpretation(Alur et al., 1996). In the authors show that it canexists some kind of partial order between events thatdepend strictly on the considered architecture (forinstance, existence of one or several FIFO queuefor all the process...). The different partial orderdefined are (i) visual order: it corresponds to theorder of the events as they appear in the SD and thatdoes not reflect the occurrence order of the eventsduring the execution of the system, (ii) enforcedorder: it corresponds to the order of the events thatthe underlying architecture can guarantee to occuronly in the specified order, and (iii) inferred order: itis defined as the transitive closure of enforced order.

In our work, we consider the causal semantics that isfounded on a partial order theory. The causal-basedorder relation defined accounts for the precedencerelation between the events of an SD as far as allthe synchronization between lifelines are ensured bythe exchanged events, without the use of a globalcontroller or the addition of other messages.

The presence of CF causes difficulties for thederivation of traces, to ease the processing of theLOOP and the ALT CF, some works interpret theseCF similarly as in structured programming languageswhich lead to the lose of some possible traces. In(Hammal, 2006), (Gabor Huszerl, 2008), in orderto reduce the non-determinism of the ALT CF, theauthors transform it into an IF − T HEN − ELSEconstruct. In (Hammal, 2006), the authors stateclearly that for the loop CF, they 88prefer use strictsequencing rather than weak one to avoid a patholog-ical case of divergence in LOOP combination whenusing asynchronous communication′′. Similarly, in(Knapp and Wuttke., 2006), the authors define a newCF SLOOP that enforces strict sequencing betweenthe iterations. In our approach, we interpret the LOOPand ALT CF as in the standard semantics, differentlyof the interpretation in the structured programminglanguages. Moreover, since the rules of causalsemantics relaxed the constraint of the ordering ofthe events on each lifeline, we obtain all possibletraces for an SD modelling behaviours of distributedsystems.

Usually, the existing works neglect the issues re-lated to the use of nested CF in an SD. Although theiruse allows several complex scenarios that can be ag-gregated in a single sequence diagram, an inherentdifficulty of the interpretation and the analysis of theSD arises. The standard semantics (Object Manage-ment Group, 2009) does not propose a meta-modelfor nested CF. In the work of (Shen, 2013), the au-thors propose a formal semantics based on the rulesof the standard semantics, and that is close to the tar-get formalism (LTL) and complicated to apprehend.Moreover, they consider UML2.0 SDs having finitetraces with LTL formalism, that represents basicallyinfinite traces.

In (Gabor Huszerl, 2008), the authors considerconformance operators (ASSERT, IGNORE, CON-SIDER and NEGATE, permitting to categorize thetraces as invalid or valid, ALT and PAR) CF, and theyaim to define rules that allow or prohibit the nestingof these operators, by limiting the nesting level of CFto two levels.

In (Hammal, 2006), the authors propose a formaldefinitions for UML2.0 SD based on branching

time semantics and partial orders in a denotationalstyle, nevertheless the notion of nested CF is brieflymentioned, and no explicit formalization for them isproposed.

7 CONCLUSION

In this paper, we first defined an intuitive formal-ization, based on set theory and tree structure, of se-quence diagrams equipped with combined fragmentsthat can be nested. The formalization can be adaptedfor any kind of semantics. Then, we have extendedthe causal semantics by redefining its rules in a syn-thetic way. The new causal relationship allows tocompute all possible valid traces for SDs with nestedCF that model behaviours of distributed systems, byavoiding the flattening of SD equipped with (ALT,OPT, LOOP) CF, hence the compact syntactic repre-sentation is preserved.The proposed semantics can serves as basis for thederivation of traces of UML2.0 SD, as well as forthe definition of an operational semantics that facil-itates the analysis of the SD. Our approach is notrelated to any target translation formalism and canbe implemented by any formal method for its veri-fication, although it is already implemented, (Dhaouet al., 2015), (Dhaou et al., 2016), by Event-B methodoffering powerful tools (Rodin/Pro-B).

Meanwhile, we are extending our proposal tocover other concepts like the gates and the state in-variants which allow one to express more complexbehaviours and to cover other CF, in particular thosededicated to model parallel behaviours and invalid be-haviours. In addition, we currently study theoreticalproperties that are derived from the proposed seman-tics.

REFERENCES

Abrial, J.-R. (1996). The B Book. Cambridge UniversityPress.

Alur, R., Holzmann, G. J., and Peled, D. (1996). An An-alyzer for Message Sequence Charts. In SOFTWARECONCEPTS AND TOOLS, pages 304–313.

Cardoso, J. and Sibertin-Blanc, C. (2001). Ordering Ac-tions in Sequence Diagrams of UML. In 23rd Inter-national Conference on Information Technology In-terfaces, pages 3–14, J. Marohnica bb, 10000 Za-greb, Croatia. University Computing Centre Uniersityof Zagreb.

Cardoso, Janette and Sibertin-Blanc, Christophe (2002).An Operational Semantics for UML Interaction: Se-quencing of Actions and Local Control. Euro-

pean Journal of Automatised Systems, APII-JESA,36(7):1015–1028.

Cengarle, M. V., Graubmann, P., Wagner, S., and Munchen,T. U. (2005). Semantics of UML 2.0 Interactions withVariabilities.

Dhaou, F., Mouakher, I., Attiogbe, C., and Bsaies, K.(2015). Extending Causal Semantics of UML2.0 Se-quence Diagram for Distributed Systems. ICSOFT-EA2015 - Proceedings of the 10th International Confer-ence on Software Engineering and Applications, Col-mar, Alsace, France, pages 339–347.

Dhaou, F., Mouakher, I., Attiogbe, C., and Bsaıes, K.(2016). Refinement of UML2.0 Sequence Diagramsfor Distributed Systems. In Proceedings of the 11thInternational Joint Conference on Software Technolo-gies (ICSOFT 2016) - Volume 1: ICSOFT-EA, Lisbon,Portugal, July 24 - 26, 2016., pages 310–318.

Gabor Huszerl, Helene Waeselynck (ed.), Z. E. A. K.Z. M. (2008). Refined design and testing framework,methodology and application results.

Grosu, R. and Smolka, S. (2005). Safety-Liveness Seman-tics for UML 2.0 Sequence Diagrams. In 5th Int.Conf. on Application of Concurrency to System De-sign, page 614.

Hammal, Y. (2006). Branching Time Semantics for UML2.0 Sequence Diagrams. Lecture Notes in ComputerScience: Formal Techniques for Networked and Dis-tributed Systems - FORTE 2006, pages 259–274.

Harel, D. and Maoz, S. (2008). Assert and Negate Revis-ited: Modal Semantics for UML Sequence Diagrams.Software and System Modeling, 7(2):237–252.

Knapp, A. and Wuttke., J. (2006). Model Checking of UML2.0 Interactions. In Khne, T., editor, Models in Soft-ware Engineering, pages 42–51. Springer.

Object Management Group (2009). OMG Unified Model-ing Language (OMG UML), Superstructure Version2.2.

O.Tahir, C.-B. and J.Cardoso (2005). A Causality-BasedSemantics for UML Sequence Diagrams. In 23rdIASTED International Conference on Software Engi-neering, pages 106–111. Acta Press.

øystein Haugen, Knut Eilif Husa, R. K. R. and STAIRS(2005). Towards Formal Design with Sequence Di-agrams. In Software and System Modeling, volume 4,pages 355–357. John Wiley & Sons, Inc.

Rudolph, E., Grabowski, J., and Graubmann, P. (1996). Tu-torial on Message Sequence Charts (MSC’96).

Shen, H. (2013). A Formal Framework for Analyzing Se-quence Diagram. PhD thesis.

Sibertin-Blanc, C. and Tahir, O. (2006). From UML1.xto UML 2.0 Semantics for Sequence Diagrams. InRamos, F. F., Lrios, R. V., and Unger, H., editors,IEEE International Symposium and School on Ad-vance Distributed Systems (ISSADS), Mexico (Mex-ique). IEEE.

Sibertin-Blanc, C., T. O. and J., C. (2005). Interpretation ofUML Sequence Diagrams as Causality Flows. In Ad-vanced Distributed Systems, 5th Int. School and Sym-posium (ISSAD), number 3563, pages 126–140. ActaPress.